<?php
/**
 * File containing the BRail_Ntlm_Recognition class.
 * @package BRail_Ntlm
 * @deprecated deprecated since version 1.3.0
 */

/**
 * @package BRail_Ntlm
 * @deprecated deprecated since version 1.3.0
 */
class BRail_Ntlm_Recognition
{
    /**
     * Error code when auth fails
     */
    const NTLM_AUTH_FAILED = 1;

    /**
     * Error code when using a proxy
     */
    const NTLM_PROXY = 2;

    /**
     * Error code when not using IE
     */
    const NOT_IE = 3;

    /**
     * Contains the error code of the last error
     * @var int
     */
    public static $error = 0;

    /**
     * Get information from NTLM
     * @return int One of the defined constants
     */
    public static function getInfosFromNTLM()
    {
        @session_start();

        if (false === strpos($_SERVER["HTTP_USER_AGENT"], 'MSIE 6.0')) {
            return self::NOT_IE;
        }

        if (!empty($_SERVER['HTTP_VIA'])) {
            return self::NTLM_PROXY;
        }

        $header = apache_request_headers();
        $auth = isset($header['Authorization']) ? $header['Authorization'] : null;
        if ($auth === null) {
            return self::unAuthorized();
        }

        if ($auth && (substr($auth, 0, 4) === 'NTLM')) {
            $decoded = base64_decode(substr($auth, 5));
            $state = ord($decoded{8});

            switch ($state) {
                case 1:
                    $ret = "NTLMSSP";
                    foreach (array(0, 2, 0, 0, 0, 0, 0, 0, 0, 40, 0, 0, 0, 1, 130, 0, 0, 0, 2, 2,
                                   2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0) as $chr) {
                        $ret .= chr($chr);
                    }
                    return self::unAuthorized(trim(base64_encode($ret)));

                case 3:
                    $l = ord($decoded{31}) * 256 + ord($decoded{30});
                    $o = ord($decoded{33}) * 256 + ord($decoded{32});
                    $domain = str_replace("\0", "", substr($decoded, $o, $l));
                    $l = ord($decoded{39}) * 256 + ord($decoded{38});
                    $o = ord($decoded{41}) * 256 + ord($decoded{40});
                    $user = str_replace("\0", "", substr($decoded, $o, $l));
                    return $user;
            }
        }
    }

    /**
     * Build the unAuthorized HTTP header
     * @param string $msg
     * @return int One of the defined constants
     */
    public static function unAuthorized($msg=null)
    {
        $ntlm = 'WWW-Authenticate: NTLM';
        if ($msg) {
            $ntlm .= ' ' . $msg;
        }
        header('HTTP1.0 401 Unauthorized');
        header($ntlm);
        return self::NTLM_AUTH_FAILED;
    }

    /**
     * Get the login
     * @return bool|string False on error, information when successful
     */
    public static function getLogin()
    {
        $retVal = self::getInfosFromNTLM();
        switch ($retVal) {
            case self::NTLM_PROXY:
            case self::NTLM_AUTH_FAILED:
            case self::NOT_IE:
                self::$error = $retVal;
                return false;
            default:
                return strtoupper($retVal);
        }
    }
}
